W dniu czw, 07.09.2017 o godzinie 16∶42 -0400, użytkownik Rich Freeman napisał: > On Thu, Sep 7, 2017 at 4:36 PM, Michał Górny <mgo...@gentoo.org> wrote: > > W dniu czw, 07.09.2017 o godzinie 06∶21 -0700, użytkownik Rich Freeman > > napisał: > > > On Thu, Sep 7, 2017 at 6:04 AM, Ulrich Mueller <u...@gentoo.org> wrote: > > > > > > > > > On Thu, 7 Sep 2017, Rich Freeman wrote: > > > > > > > > Don't you think there is a difference between downloading a package > > > > that has a known upstream and that is also carried by other distros, > > > > and downloading a license-less package from a random location on the > > > > internet? > > > > > > Most upstreams do not do much checking about the ownership of their > > > sources. > > > > > > Gentoo certainly doesn't - we don't even require developers to submit a > > > DCO. > > > > > > Other projects like the Linux kernel require signing a DCO for each > > > commit, but do not do any checking beyond this. I have no doubt that > > > they would remove offending sources if they were contacted, but they > > > do not actively go out and confirm authorship. > > > > > > > > > > > > > The package in question doesn't come with any license though, which > > > > > > means that only the copyright holder has the right to distribute > > > > > > it. So I believe that some extra care is justified, especially when > > > > > > the upstream location of the distfile has changed. > > > > > > > > > > Why? We don't redistribute anything that is copyrighted. > > > > > > > > Users download the file, and I think that we are responsible to have > > > > only such SRC_URIs in our ebuilds from where they can obtain the > > > > package without being exposed to potential legal issues. > > > > > > I'm not aware of any court rulings that have found downloading > > > something like this to be illegal. > > > > > > > > > > > > Perhaps if we want to enforce a policy like this we should take the > > > > > time to actually write the policy down. As far as I can tell Gentoo > > > > > has no such policy currently. > > > > > > > > The old Games Ebuild Howto [1] has this: > > > > > > > > > LICENSE > > > > > > > > > > The license is an important point in your ebuild. It is also a > > > > > common place for making mistakes. Try to check the license on any > > > > > ebuild that you submit. Often times, the license will be in a > > > > > COPYING file, distributed in the package's tarball. If the license > > > > > is not readily apparent, try contacting the authors of the package > > > > > for clarification. [...] > > > > > > > > I propose to add the paragraph above to the devmanual's licenses > > > > section. > > > > > > > > > > We already know there isn't a license for redistribution. This > > > doesn't speak about requiring us to ensure that those distributing our > > > source files have the rights to do so. It merely says to check the > > > license. We understand the license already. I don't see how this > > > paragraph pertains to this situation. > > > > AFAIK you're a developer. So if you want to keep this package, then > > please do the needful and take care of it yourself instead of > > complaining and demanding others to do the work you want done. > > > > Are you saying it is sufficient to just point the SRC_URI at the new > URL and remove the mask? As far as I can tell that is all that needs > to be done. Per the policy the license is readily apparent, so there > is no need to contact the authors. >
I don't know what is sufficient. It's your business as the new maintainer to figure it out and take the responsibility. If there's nobody willing to do that, then we don't get to keep the package. Simple as that. -- Best regards, Michał Górny
